MDKSA-2000:041

Problem description

There is a potential race condition when using tmpnam() and fopen() in
xpdf versions prior to 0.91. This exploit can only be used as root to
overwrite arbitrary files if a symlink is created between the calls to
tmpnam() and fopen(). There is also a problem with malicious
URL-type links in PDF documents that contain quote characters which
could also potentially be used to execute arbitrary commands. This is
due to xpdf calling system() with a netscape (or similar) command plus
the URL. The 0.91 release of xpdf fixes both of these potential
problems. Although there are no known exploits, users are encouraged
to upgrade their system with these updates.
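
The temporary-file race described above, as an added example in C (not xpdf source, and not necessarily how the 0.91 release fixes it): opening a previously chosen name with fopen() follows a symlink already present at that name, while O_EXCL creation or mkstemp() does not. All function names and the /tmp/tmpdemo* paths are hypothetical, and the scenario is constructed inside a private directory.

```c
#define _XOPEN_SOURCE 700  /* mkstemp, mkdtemp, fdopen, symlink */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the name was chosen earlier (as tmpnam() does) and is opened
 * later; fopen("w") follows a symlink that appeared at the name in between. */
FILE *open_by_name(const char *path) { return fopen(path, "w"); }

/* Hardened: O_EXCL creates atomically and fails (EEXIST) if anything,
 * including a symlink, already exists at the path. */
FILE *open_exclusive(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return NULL;
    FILE *f = fdopen(fd, "w");
    if (!f) close(fd);
    return f;
}

/* Preferred: mkstemp() picks the name and creates the file in one step. */
FILE *open_mkstemp(char *tmpl) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return NULL;
    FILE *f = fdopen(fd, "w");
    if (!f) { close(fd); unlink(tmpl); }
    return f;
}

/* Constructed scenario in a private directory: a symlink already sits at the
 * temp name and points at "target" (4 bytes). Returns target's size after the
 * open: 0 = truncated through the link, 4 = untouched, -1 = setup error. */
long target_size_after(int exclusive) {
    char dir[] = "/tmp/tmpdemoXXXXXX", target[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/tmpname", dir);
    FILE *t = fopen(target, "w");
    if (!t || fputs("keep", t) < 0 || fclose(t) != 0) return -1;
    if (symlink(target, tmp) != 0) return -1;
    FILE *f = exclusive ? open_exclusive(tmp) : open_by_name(tmp);
    if (f) fclose(f);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmp); unlink(target); rmdir(dir);
    return size;
}

int main(void) { printf("%ld %ld\n", target_size_after(0), target_size_after(1)); return 0; }
```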